The Internet Services Providers Association announced its finalists for the 2019 Internet Hero and Villain nominations.

The ISPA focussed on assessing the policy challenges presented at a time when technology, and especially the internet, has become fully mainstream and drives innovation and growth. According to ISPA, these challenges are now “some of the biggest issues facing policymakers around the world.”

This year’s Internet Hero nominations include the public figures that are currently battling to increase trust and confidence online; mapping out the evolving broadband landscape in the UK, and working on global internet regulation issues. The Internet Villain nominees take into consideration the impact of the new “technical standards on existing online protections”, the balance between freedom of expression and copyright infringements, and the global telecommunications supply chain.

The nominations come after weeks of consultation and a large amount of input received via mail and Twitter from the public.

Sir Tim Berners-Lee, for leading the ‘Contract for the Web’ campaign to rebuild trust and protect the open and free nature of the Internet in the 30th anniversary of the World Wide Web.

Andrew Ferguson, the editor of Thinkbroadband, for “providing independent analysis and valuable data on the UK broadband market since the year 2000.”

Oscar Tapp-Scotting & Paul Blaker, from the Global Internet Governance Team, for “leading the UK Government’s efforts to ensure a balanced and proportionate agenda at the International Telecommunications Union Conference.”

And their evil counterparts:

Mozilla, for their proposition to implement DNS-over-HTTPS “in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK.”

President Donald Trump, for “causing a huge amount of uncertainty across the complex, global telecommunications supply chain in the course of trying to protect national security.”

The winners, chosen by the ISPA Council, will be announced at the ISPA Awards Ceremony that will be held in London on the 11th of July.

Mozilla’s proposition for the DNS-over-HTTPS protocol comes as a measure to protect user data in an era of covert data mining. The company believes it has a duty to do everything to protect its users from the companies and organizations that want to secretly collect and sell their user data.

To do this, Mozilla has already added tracking protection and created the Facebook container extension. More features will be coming in the following months.

Two of these new features are DNS over HTTPS, for which Mozilla was nominated among the Villains, and the Trusted Recursive Resolver, a secure way to resolve DNS provided in collaboration with Cloudflare.

The two measures aim to close data leaks that have been part of DNS since its beginnings 35 years ago.

Mozilla points at three possible threats:

1. You could end up using an untrustworthy resolver that tracks your requests, or tampers with responses from DNS servers.
2. On-path routers can track or tamper in the same way.
3. DNS servers can track your DNS requests.

And promotes three solutions:

1. Avoid untrustworthy resolvers by using Trusted Recursive Resolver.
2. Protect against on-path eavesdropping and tampering using DNS over HTTPS.
3. Transmit as little data as possible to protect users from deanonymization.

Avoid untrustworthy resolvers by using Trusted Recursive Resolver

“Networks can get away with providing untrustworthy resolvers that steal your data or spoof DNS because very few users know the risks or how to protect themselves.”

Mozilla spent time studying these risks and worked hard to find a company to cooperate with to protect users’ DNS data. This company is Cloudflare, a company committed to user privacy that provides a recursive resolution service. All personally identifiable data is deleted after 24 hours and never passed on to third parties. The company is also subject to regular audits to ensure that the data is being deleted as expected.

Firefox can now ignore the default resolver that the network provides and just use Cloudflare. This eliminates the problem of rogue resolvers selling user data or spoofing DNS.

Protect against on-path eavesdropping and tampering using DNS over HTTPS

The Internet already has the technology for ensuring that on-path routers can’t track and spoof DNS by seeing the content of the DNS request. By using HTTPS to exchange the DNS packets Mozilla aims at ensuring that no one can spy on the requests its users are making.
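To make concrete what "exchanging DNS packets over HTTPS" means, here is an added example (not Mozilla's or Cloudflare's code) that builds an RFC 8484 GET request for a lookup. The endpoint `https://doh.example/dns-query` is a placeholder assumption, and `visible_on_path` is a hypothetical helper that models what a router between client and resolver can still read.

```python
import base64
import struct

# Placeholder endpoint (assumption): substitute the DoH URL of your resolver.
DOH_ENDPOINT = "https://doh.example/dns-query"

def encode_qname(name: str) -> bytes:
    """Encode a hostname as length-prefixed DNS labels (RFC 1035)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format query: ID 0 (cache-friendly, per RFC 8484), RD=1, one question."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_request(name: str, endpoint: str = DOH_ENDPOINT):
    """Return (url, headers) for an RFC 8484 GET; the query is base64url, unpadded."""
    b64 = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{endpoint}?dns={b64}", {"accept": "application/dns-message"}

def visible_on_path(endpoint: str) -> str:
    """What an on-path router can typically read: the resolver's hostname
    (from the TLS handshake), not the URL path or the DNS question inside it."""
    return endpoint.split("/")[2]

if __name__ == "__main__":
    url, headers = doh_get_request("www.example.com")
    print(url)
    print("on-path view:", visible_on_path(DOH_ENDPOINT))
```

Because the question travels inside the encrypted HTTP request, network-level filters that inspect port 53 traffic never see it, which is the behaviour behind the ISPA nomination quoted above.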

Transmit as little data as possible to protect users from deanonymization

Cloudflare will only send the part of data that is relevant to the DNS server it’s talking to at the moment, in a process called QNAME minimization.

Cloudflare will make the DNS requests from one of their own IP addresses near the user, providing geolocation without tying it to a specific user. In addition, Mozilla is looking into how to enable better, fine-grained load balancing in a privacy-sensitive way.

Removing the irrelevant parts of the domain name and not including users’ IP addresses means that DNS servers have less data to collect about a user.
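The effect of QNAME minimization can be seen by comparing which names each authoritative server receives with and without it. This is an added example, not Cloudflare's resolver code: a simplified model of the resolver walk that ignores query types and caching, using a constructed hostname and an assumed list of zone cuts.

```python
def _labels(name: str) -> list:
    """Split a domain name into labels; the root zone has none."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def classic_walk(name: str, zone_cuts: list) -> list:
    """Without minimization, every server in the chain is sent the full name."""
    full = ".".join(_labels(name)) + "."
    return [(zone, full) for zone in zone_cuts]

def minimized_walk(name: str, zone_cuts: list) -> list:
    """With minimization, each server is asked only one label more than it
    already serves, until the next zone cut (or the full name) is reached."""
    target = _labels(name)
    full = ".".join(target) + "."
    queries = []
    for i, zone in enumerate(zone_cuts):
        have = len(_labels(zone))
        nxt = zone_cuts[i + 1] if i + 1 < len(zone_cuts) else full
        for depth in range(have + 1, len(_labels(nxt)) + 1):
            queries.append((zone, ".".join(target[-depth:]) + "."))
    return queries

def seen_by(zone: str, walk: list) -> set:
    """Names a given zone's servers learn during the walk."""
    return {qname for z, qname in walk if z == zone}

if __name__ == "__main__":
    # Constructed sample: hostname and delegation chain are assumptions.
    name = "mail.internal.example.com"
    cuts = [".", "com.", "example.com."]
    for label, walk in (("classic", classic_walk(name, cuts)),
                        ("minimized", minimized_walk(name, cuts))):
        for zone in cuts:
            print(f"{label:9} {zone:13} sees {sorted(seen_by(zone, walk))}")
```

In the minimized walk the root and `com.` servers learn only `com.` and `example.com.`; the full hostname reaches only the servers for `example.com.`, the zone that actually holds the record.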